It's ages since I changed my email password, so I thought I would change it today to keep up my security. However, I am shocked to find that Virgin Media passwords are still limited to only ten alpha-numeric characters! This is the most limited password system that I'm using on any of my computer services, from any company.
My 'KeePass' security utility rates every password that I use, and the extremely limited Virgin Media password only just makes it out of the orange "dangerous" region, right at the bottom of the scale!
Bearing in mind that my Virgin Media password not only gives full access to my account, but also all of my email, why are Virgin continuing to use a system which is so dangerous for its users?
We've seen over the past few years that many computer services companies have been hacked, and various sensitive security information has been stolen. Why are Virgin Media making it easier for potential thieves to crack any stolen passwords?
Are the passwords deliberately being limited to allow Virgin, or other third parties, to access customer accounts? If not, why is the limitation in place?
Lol, so as I searched for the topic of password security a couple of times before creating a new thread, it seems to indicate that not only is VM's password policy very bad, but their forum search tools are pretty ropey too! *Sigh* :-D Thanks for the pointer BenMcr.
Yes, again. So long as Virgin Media refuses to even acknowledge this problem, let alone do anything constructive about it, then I'm sure that concerned customers will continue to raise this important issue, and rightly so.
There are tools available on the web which can crack simple 10-char alpha-numerics within a few hours. A hacker could steal VM account details, leave their software running for a time to crack the passwords, and have dozens of fully-open VM accounts and email accounts to browse through.
PaulMoore, have you ever worked for a computer security company such as Dr Solomon's Software, or McAfee? I have, and I know what I'm talking about.
"There are tools available on the web which can crack simple 10-char alpha-numerics within a few hours"
That's a different scenario than the one you presented. I didn't say you couldn't choose a weak 10 character password... I said a correctly-chosen 10 character password isn't "dangerously insecure". You've already mentioned your use of KeePass, which suggests any password (regardless of length) is cryptographically random and thus, much more secure than a password chosen by any human.
Instead of questioning my background (OSINT works wonders btw) or labelling me a shill, can you explain or justify (in detail) exactly how your truly random, 10 character password would be broken and the timescale for such an attack?
It's also worth mentioning, an attacker wouldn't have to crack VM passwords... they're not hashed in the first place.